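#!/bin/bash
# Generate a private CA and a TLS server certificate with GnuTLS certtool.
#
# Usage: <script> HOST
#   HOST  IP address (or DNS name) of the server. It becomes the certificate
#         CN and is also written as a subjectAltName.
#
# Files written to the current directory:
#   ca.tmpl, ca-key.pem, ca-cert.pem, server.tmpl, server-key.pem,
#   server-cert.pem
#
# Abort on the first failing command so that a failed key or CA step can
# never be followed by a signing step that works on stale or missing files.
set -euo pipefail

# Positional argument: the server address.
HOST=${1:-}
if [[ -z "$HOST" ]]; then
  printf 'Usage: %s HOST\n' "${0##*/}" >&2
  exit 2
fi

# HOST is interpolated into a certtool template. Restrict it to characters
# that can appear in a host name or IP literal so that a quote or newline in
# the argument cannot smuggle extra template directives (for example "ca")
# into the server certificate.
if [[ ! "$HOST" =~ ^[A-Za-z0-9.:*_-]+$ ]]; then
  printf 'error: HOST contains characters not valid in a host name or IP\n' >&2
  exit 2
fi

# Time-based serial numbers. Every run creates a new CA with the same subject
# name, so fixed serials (1 and 2) would repeat the issuer/serial pair across
# runs, which some TLS clients reject.
SERIAL=$(date +%s)
CA_SERIAL=$SERIAL
SERVER_SERIAL=$((SERIAL + 1))

# TLS clients match the server identity against subjectAltName, and many
# ignore the CN entirely, so record HOST there as well.
if [[ "$HOST" =~ ^[0-9]+(\.[0-9]+){3}$ || "$HOST" == *:* ]]; then
  SAN_LINE="ip_address = \"$HOST\""
else
  SAN_LINE="dns_name = \"$HOST\""
fi

# --- CA certificate ---------------------------------------------------------
cat >ca.tmpl <<EOF
cn = "CAGZE CA"
organization = "CAGZE ORG"
serial = $CA_SERIAL
expiration_days = 365
ca
cert_signing_key
EOF

# Create the private key under a restrictive umask (subshell only, so the
# certificates keep the caller's normal permissions).
# NOTE(review): ca-key.pem can sign certificates for any name; move it off
# the server once server-cert.pem has been issued.
(umask 077 && certtool --generate-privkey --outfile ca-key.pem)

certtool --generate-self-signed \
  --load-privkey ca-key.pem \
  --template ca.tmpl \
  --outfile ca-cert.pem

# --- Server certificate -----------------------------------------------------
cat >server.tmpl <<EOF
cn = "$HOST"
$SAN_LINE
organization = "CAGZE ORG"
expiration_days = 365
serial = $SERVER_SERIAL
signing_key
encryption_key
tls_www_server
EOF

(umask 077 && certtool --generate-privkey --outfile server-key.pem)

certtool --generate-certificate \
  --load-privkey server-key.pem \
  --load-ca-certificate ca-cert.pem \
  --load-ca-privkey ca-key.pem \
  --template server.tmpl \
  --outfile server-cert.pem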
